I think a keylogger still has access to at least 2 of my devices

Yeah, I did that and a 7 pass erase on every disc I have except my iPhone. Same problems keep coming back.

I wiped my iphone, turned off wifi, bluetooth, haven't connected to iCloud and only use cellular.

This is from my "safer" device. Bear in mind it's been wiped of everything as of yesterday:

EtreCheck version: 3.1.5 (343)

Report generated 2017-02-14 20:17:05

Download EtreCheck from https://etrecheck.com

Runtime 1:56

Performance: Excellent

Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Problem: No problem - just checking

Hardware Information: ⓘ

MacBook Pro (17-inch, Mid 2010)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro6,1

1 2.53 GHz Intel Core i5 (i5) CPU: 2-core

8 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

4 GB DDR3 1067 MHz ok

BANK 1/DIMM0

4 GB DDR3 1067 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 177

Video Information: ⓘ

Intel HD Graphics

Color LCD 1920 x 1200

NVIDIA GeForce GT 330M - VRAM: 512 MB

System Software: ⓘ

OS X El Capitan 10.11.6 (15G1217) - Time since boot: about one hour

Disk Information: ⓘ

Hitachi HTS725050A9A362 disk0 : (500.11 GB) (Rotational)

[Show SMART report]

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

MACINTOSH HD (disk1) / [Startup]: 498.89 GB (456.88 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 499.25 GB Online

HL-DT-ST DVDRW GS23N ()

USB Information: ⓘ

Apple Computer, Inc. IR Receiver

Apple Inc. Built-in iSight

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Inc. Apple Internal Keyboard / Trackpad

Gatekeeper: ⓘ

Mac App Store and identified developers

System Launch Agents: ⓘ

[not loaded] 7 Apple tasks

[loaded] 162 Apple tasks

[running] 70 Apple tasks

System Launch Daemons: ⓘ

[not loaded] 45 Apple tasks

[loaded] 155 Apple tasks

[running] 90 Apple tasks

Internet Plug-ins: ⓘ

Default Browser: 601 - SDK 10.11 (2016-07-08)

QuickTime Plugin: 7.7.3 (2017-02-14)

3rd Party Preference Panes: ⓘ

None

Time Machine: ⓘ

Time Machine not configured!

Top Processes by CPU: ⓘ

97% mdworker(9)

6% plugin-container

5% kernel_task

4% WindowServer

2% fontd

Top Processes by Memory: ⓘ

703 MB kernel_task

549 MB firefox

541 MB plugin-container

475 MB softwareupdated

197 MB mdworker(9)

Virtual Memory Information: ⓘ

3.69 GB Available RAM

2.18 GB Free RAM

4.31 GB Used RAM

1.51 GB Cached files

0 B Swap Used

Diagnostics Information: ⓘ

Feb 14, 2017, 06:30:25 PM Self test - passed

Feb 13, 2017, 07:28:07 PM /Library/Logs/DiagnosticReports/soagent_2017-02-13-192807_[redacted].cpu_resour ce.diag [Details]

/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/C ontents/MacOS/soagent

Feb 13, 2017, 07:28:07 PM /Library/Logs/DiagnosticReports/callservicesd_2017-02-13-192807_[redacted].cpu_ resource.diag [Details]

/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd

Feb 13, 2017, 03:00:31 PM /Library/Logs/DiagnosticReports/firefox_2017-02-13-150031_[redacted].cpu_resour ce.diag [Details]

/Applications/Firefox.app/Contents/MacOS/firefox

Feb 13, 2017, 02:18:36 PM ~/Library/Logs/DiagnosticReports/com.apple.preferences.sharing.remoteservice_20 17-02-13-141836_[redacted].crash

/System/Library/PreferencePanes/SharingPref.prefPane/Contents/XPCServices/com.a pple.preferences.sharing.remoteservice.xpc/Contents/MacOS/com.apple.preferences. sharing.remoteservice

This is the other log fresh off a 7 pass disk wipe:

This is from my "safer" device. Bear in mind it's been wiped of everything as of yesterday:

EtreCheck version: 3.1.5 (343)

Report generated 2017-02-14 20:17:05

Download EtreCheck from https://etrecheck.com

Runtime 1:56

Performance: Excellent

Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Problem: No problem - just checking

Hardware Information: ⓘ

MacBook Pro (17-inch, Mid 2010)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro6,1

1 2.53 GHz Intel Core i5 (i5) CPU: 2-core

8 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

4 GB DDR3 1067 MHz ok

BANK 1/DIMM0

4 GB DDR3 1067 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 177

Video Information: ⓘ

Intel HD Graphics

Color LCD 1920 x 1200

NVIDIA GeForce GT 330M - VRAM: 512 MB

System Software: ⓘ

OS X El Capitan 10.11.6 (15G1217) - Time since boot: about one hour

Disk Information: ⓘ

Hitachi HTS725050A9A362 disk0 : (500.11 GB) (Rotational)

[Show SMART report]

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

MACINTOSH HD (disk1) / [Startup]: 498.89 GB (456.88 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 499.25 GB Online

HL-DT-ST DVDRW GS23N ()

USB Information: ⓘ

Apple Computer, Inc. IR Receiver

Apple Inc. Built-in iSight

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Inc. Apple Internal Keyboard / Trackpad

Gatekeeper: ⓘ

Mac App Store and identified developers

System Launch Agents: ⓘ

[not loaded] 7 Apple tasks

[loaded] 162 Apple tasks

[running] 70 Apple tasks

System Launch Daemons: ⓘ

[not loaded] 45 Apple tasks

[loaded] 155 Apple tasks

[running] 90 Apple tasks

Internet Plug-ins: ⓘ

Default Browser: 601 - SDK 10.11 (2016-07-08)

QuickTime Plugin: 7.7.3 (2017-02-14)

3rd Party Preference Panes: ⓘ

None

Time Machine: ⓘ

Time Machine not configured!

Top Processes by CPU: ⓘ

97% mdworker(9)

6% plugin-container

5% kernel_task

4% WindowServer

2% fontd

Top Processes by Memory: ⓘ

703 MB kernel_task

549 MB firefox

541 MB plugin-container

475 MB softwareupdated

197 MB mdworker(9)

Virtual Memory Information: ⓘ

3.69 GB Available RAM

2.18 GB Free RAM

4.31 GB Used RAM

1.51 GB Cached files

0 B Swap Used

Diagnostics Information: ⓘ

Feb 14, 2017, 06:30:25 PM Self test - passed

Feb 13, 2017, 07:28:07 PM /Library/Logs/DiagnosticReports/soagent_2017-02-13-192807_[redacted].cpu_resour ce.diag [Details]

/System/Library/PrivateFrameworks/MessagesKit.framework/Resources/soagent.app/C ontents/MacOS/soagent

Feb 13, 2017, 07:28:07 PM /Library/Logs/DiagnosticReports/callservicesd_2017-02-13-192807_[redacted].cpu_ resource.diag [Details]

/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd

Feb 13, 2017, 03:00:31 PM /Library/Logs/DiagnosticReports/firefox_2017-02-13-150031_[redacted].cpu_resour ce.diag [Details]

/Applications/Firefox.app/Contents/MacOS/firefox

Feb 13, 2017, 02:18:36 PM ~/Library/Logs/DiagnosticReports/com.apple.preferences.sharing.remoteservice_20 17-02-13-141836_[redacted].crash

/System/Library/PreferencePanes/SharingPref.prefPane/Contents/XPCServices/com.a pple.preferences.sharing.remoteservice.xpc/Contents/MacOS/com.apple.preferences. sharing.remoteservice

This is the only think that looks suspect from running etrecheck on all devices:

/etc/sudoers, File size 2299 but expected 1275

I google it and there are discussion in other forums but none in English?

Any ideas?

Point taken. To say I "Don't understand much about computers" is well, just LOL. I opened this thread saying, "I am not an IT expert." and I'm still not.

Is a Mac susceptible to a hack? In my opinion, yes. I've seen a lot of tiptoeing "Bill Clinton defense tactics" were people say it wasn't a high because it is "x" or you did "y" or "z".

At the end of the day I've been through three major virus MAC crashes, multiple violations regarding my Financial data, personal data, and finances themselves.

I'm not my any means detracting anything from Apple. I own four of their devices as well as a significant holding in stock. I wouldn't be even posting if I wasn't a supporter. LOL

I can't going to too much detail, because law-enforcement is now involved, in July was a victim of theft of items from my house which included tax returns.

At time, I figured my identity was being stolen so I started monitoring my credit, changed to strong / unique passwords, and closed and reopened financial accounts.

Going back through everything in my head, including their access to my social media accounts the only element I can see common to everything is at one stage or another someone me either was a sophisticated keylogger or access to my keychain.

I have been a Macintosh customer for 15 years and through all of the re-brands Mac.com, me.com, and iCloud.com I have had accounts open that I didn't even know about. I am one person. I have primary e-mail, that is all I want! I have even been told by Apple that there is no way to even delete these emails.

Which leads me to think a socially engineered hack. Not very difficult considering that "me" wasn't even sure who "me" really was in 11 different aliases. I wasn't the only one confused, so were the folks the Genius Bar.

In closing, Apple should take a look at possible kerberos vulnerabilities. For a process nicknamed after Hades Guard dog, I want to is bite to remain vicsois

Thank you, I believe at this point I may have been able thwart any new attack, just by aggravating in real or imagined malicious by virtue for getting my passwords every five minutes. I will your suggestion and this is what I came back with:

Jasons-iMac:~ jasonquinlan$ sudo cat /etc/sudoers

Password:

#

# Sample /etc/sudoers file.

#

# This file MUST be edited with the 'visudo' command as root.

#

# See the sudoers man page for the details on how to write a sudoers file.

##

# Override built-in defaults

##

Defaults env_reset

Defaults env_keep += "BLOCKSIZE"

Defaults env_keep += "COLORFGBG COLORTERM"

Defaults env_keep += "__CF_USER_TEXT_ENCODING"

Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"

Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"

Defaults env_keep += "LINES COLUMNS"

Defaults env_keep += "LSCOLORS"

Defaults env_keep += "SSH_AUTH_SOCK"

Defaults env_keep += "TZ"

Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"

Defaults env_keep += "EDITOR VISUAL"

Defaults env_keep += "HOME MAIL"

Defaults lecture_file = "/etc/sudo_lecture"

##

# User alias specification

##

# User_Alias FULLTIMERS = millert, mikef, dowdy

##

# Runas alias specification

##

# Runas_Alias OP = root, operator

##

# Host alias specification

##

# Host_Alias CUNETS = 128.138.0.0/255.255.0.0

# Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0

# Host_Alias SERVERS = master, mail, www, ns

# Host_Alias CDROM = orion, perseus, hercules

##

# Cmnd alias specification

##

# Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less

##

# User specification

##

# root and users in group wheel can run anything on any machine as any user

root ALL = (ALL) ALL

%admin ALL = (ALL) ALL

## Read drop-in files from /private/etc/sudoers.d

## (the '#' here does not indicate a comment)

#includedir /private/etc/sudoers.d

Jasons-iMac:~ jasonquinlan$

>>> one thing I've learned from this whole ordeal is to not read your computer's and think you have any clue what's going on. That's an easy way to get a state sponsored trip to the loony bin

Do you see anything that doesn't look kosher?